My problem is I can imagine a finger print being converted to a random string and only transmitted in a form that cannot possibly be reverse engineered. I just don’t trust the security people to care enough.

This could make it virtually impossible to prove you are you or to prove a criminal (or CIA or NSA rep, but I repeat myself) aren’t you over any computer network.

1. An optical image / map
2. A contact map
3. A heat map
4. A conductivity map
5. Microbial activity delta (relative to before the scan)
6. Time of scan

Perhaps 1-10 MB of data in a signed, encypted transmission to the authenticator. The first four items would be processed and evaluated, looking for natural variability yet conformance to essential matching thresholds. The last two would be strictly for defending replay attacks.

Disclaimer: This is pure speculation on my part and not something I’ve put much thought into.

In addition: The main assumption of security is that we expect that the process starts with a finger swipe or a retinal scan. The authentication system back on the server doesn’t see this…it sees an encoded set of parameters that were calculated from the swipe/scan. Instead of an actual swipe, a thief could send a pre-generated data file which can spoof an authentication.

Think about this: while passwords and credit card information can be stored with their MD5SUM code (you don’t store the password, just a number derived from it), a retinal scan generates a slightly different set of parameters each time. There is no encrypting algorithm that you can use to store it with….you end up with very different numbers if you start with slightly different parameters.

Security is a multi-layered complex field. At the bottom of it all is the fact that a file has to be stored by the system to authenticate you and you can’t guarantee that the file will always be safe.

The gist was that biometric devices are inherently susceptible to spoofing. They make a great secondary factor in multi-factor authentication, but should not be used for single factor i.e. as the sole authenticating criterion.

Obviously technology will improve spoof resistance, but there is an arms (heh!) race to consider. I think the main factor is that fingers and retinas and such can be scanned and sampled in ways that pass phrases and private keys cannot.